Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Better Resilience Sees More Extorted Companies Refuse To Pay Their Ransomware Attackers

There's some possibly good news on the ransomware front. Companies are becoming more resilient to attacks, and the ransom payments extorted from businesses by hackers are on a downward trend. That's one of the findings of insurance broker Marsh, which conducted an analysis of the more than 1800 cyber claims it received during 2023 from its clients in the United States and Canada. According to Marsh, ransomware attacks were linked to less than 20% of all claims made to the firm during the last year.

Top 10 Passwordless Authentication Solutions for Customers

Passwords are broken. They’re the weakest link in our digital security chain, costing businesses billions. According to a study by Forbes Advisor, 46% of Americans have had their passwords stolen in the past year. Traditional password-based authentication is weak and makes individuals and businesses vulnerable. But what if we didn’t have to use passwords at all?

Polyfill Supply Chain Attack Injects 100,000+ Websites with Malware via CDN Assets

Polyfill.js is a Javascript library that helps old browsers run new modern features which these old browsers do not support natively. The library is popular among developers for helping them offer consistent user experience regardless of the browser environment the user is using. In February 2024, a Chinese company bought the domain polyfill.io and the Github account associated with it. Since then, they’ve been serving malware via cdn.polyfill.io as pointed by the team at Sansec.

Jira Project Recovery Guide: How To Restore Deleted Jira Project

If you lose a Jira project it can seem like a terrifying experience, but there are ways to restore those deleted projects. Whether it’s an unintentional or purposeful deletion that has to be reversed, if you understand Jira’s restore functionality and the value of backup solutions, it may save a lot of your time, money, and work.

New MOVEit Bug Actively Exploited Within Hours of Public Disclosure

A high-severity security flaw in Progress Software's MOVEit Transfer platform is being exploited in the wild just hours after its disclosure. This vulnerability, identified as CVE-2024-5806, allows attackers to bypass authentication mechanisms and pose as any valid user, thereby gaining access to sensitive files.

Chinese APT Groups Use Ransomware for Espionage and Diversion

Cyberespionage groups are increasingly using ransomware not just for financial gain but also as a tactic to complicate attack attribution, distract defenders, or serve as a secondary objective to data theft. A recent report highlights the activities of ChamelGang, a suspected Chinese advanced persistent threat (APT) group, which uses the CatB ransomware strain to target high-profile organizations globally.

Adversarial Robustness in LLMs: Defending Against Malicious Inputs

Large Language Models (LLMs) are advanced artificial intelligence systems that understand and generate human language. These models, such as GPT-4, are built on deep learning architectures and trained on vast datasets, enabling them to perform various tasks, including text completion, translation, summarization, and more. Their ability to generate coherent and contextually relevant text has made them invaluable in the healthcare, finance, customer service, and entertainment industries.

Data Anonymization Techniques for Secure LLM Utilization

Data anonymization is transforming data to prevent the identification of individuals while conserving the data's utility. This technique is crucial for protecting sensitive information, securing compliance with privacy regulations, and upholding user trust. In the context of LLMs, anonymization is essential to protect the vast amounts of personal data these models often process, ensuring they can be utilized without compromising individual privacy.